github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

erge laoguang.

pull/26/head
yumaojun 2015-11-30 23:10:31 +08:00
parent e0aaba2cf5 4b36fc540d
commit f3102e3b5b
6 changed files with 75 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
jperm/ansible_api.py
View File

@ -444,23 +444,8 @@ class Tasks(Command):
:return: :return:
""" """
module_args1 = file_path module_args1 = file_path
ret1 = self.__run(module_args1, "script") ret = self.__run(module_args1, "script")
module_args2 = 'visudo -c | grep "parsed OK" &> /dev/null && echo "ok" || echo "failed"' return ret
ret2 = self.__run(module_args2, "shell")
ret2_status = [host_value.get("stdout") for host_value in ret2["result"]["contacted"].values()]
result = {}
if not ret1["msg"]:
result["step1"] = "ok"
else:
result["msg"] = ret1["msg"]
if not ret2["msg"] and "failed" not in ret2_status:
result["step2"] = "ok"
else:
result["msg"] = ret1["msg"]
return result
class CustomAggregateStats(callbacks.AggregateStats): class CustomAggregateStats(callbacks.AggregateStats):

2
jperm/urls.py
View File

@ -13,9 +13,9 @@ urlpatterns = patterns('jperm.views',
(r'^role/perm_role_detail/$', perm_role_detail), (r'^role/perm_role_detail/$', perm_role_detail),
(r'^role/perm_role_edit/$', perm_role_edit), (r'^role/perm_role_edit/$', perm_role_edit),
(r'^role/push/$', perm_role_push), (r'^role/push/$', perm_role_push),
(r'^role/recycle/$', perm_role_recycle),
(r'^sudo/$', perm_sudo_list), (r'^sudo/$', perm_sudo_list),
(r'^sudo/perm_sudo_add/$', perm_sudo_add), (r'^sudo/perm_sudo_add/$', perm_sudo_add),
(r'^sudo/perm_sudo_delete/$', perm_sudo_delete), (r'^sudo/perm_sudo_delete/$', perm_sudo_delete),
(r'^sudo/perm_sudo_edit/$', perm_sudo_edit), (r'^sudo/perm_sudo_edit/$', perm_sudo_edit),
) )

34
jperm/views.py
View File

@ -319,6 +319,7 @@ def perm_role_detail(request):
if request.method == "GET": if request.method == "GET":
role_id = request.GET.get("id") role_id = request.GET.get("id")
role = get_object(PermRole, id=role_id)
role_info = get_role_info(role_id) role_info = get_role_info(role_id)
# 渲染数据 # 渲染数据
@ -410,25 +411,8 @@ def perm_role_push(request):
for asset_group in asset_groups_obj: for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all()) group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj)) calc_assets = list(set(assets_obj) | set(group_assets_obj))
# 生成Inventory
# push_resource = []
# for asset in calc_assets:
# if asset.use_default_auth:
# username = Setting.field1
# port = Setting.field2
# password = Setting.field3
# else:
# username = asset.username
# password = asset.password
# port = asset.port
# push_resource.append({"hostname": asset.ip,
# "port": port,
# "username": username,
# "password": password})
push_resource = gen_resource(calc_assets) push_resource = gen_resource(calc_assets)
logger.debug('Push role res: %s' % push_resource)
logger.debug('推送role res: %s' % push_resource)
# 调用Ansible API 进行推送 # 调用Ansible API 进行推送
password_push = True if request.POST.get("use_password") else False password_push = True if request.POST.get("use_password") else False
@ -463,7 +447,7 @@ def perm_role_push(request):
if ret['sudo'].get('msg'): if ret['sudo'].get('msg'):
ret_failed = ret['sudo'].get('msg') ret_failed = ret['sudo'].get('msg')
os.remove(add_sudo_script) # os.remove(add_sudo_script)
logger.debug('推送role结果: %s' % ret) logger.debug('推送role结果: %s' % ret)
logger.debug('推送role错误: %s' % ret_failed) logger.debug('推送role错误: %s' % ret_failed)
@ -591,3 +575,15 @@ def perm_sudo_delete(request):
return HttpResponse(u"不支持该操作") return HttpResponse(u"不支持该操作")
@require_role('admin')
def perm_role_recycle(request):
role_id = request.GET.get('role_id')
asset_ids = request.GET.get('asset_id').split(',')
for asset_id in asset_ids:
asset = get_object(Asset, id=asset_id)
role = get_object(PermRole, id=role_id)
PermPush.objects.filter(asset=asset, role=role).delete()
return HttpResponse('删除成功')

55
templates/jperm/perm_role_detail.html
View File

@ -1,7 +1,6 @@
{% extends 'base.html' %} {% extends 'base.html' %}
{% load mytags %} {% load mytags %}
{% block content %} {% block content %}
{% include 'nav_cat_bar.html' %} {% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight"> <div class="wrapper wrapper-content animated fadeInRight">
@ -146,7 +145,7 @@
</div> </div>
</div> </div>
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-6">
<div class="ibox float-e-margins"> <div class="ibox float-e-margins">
<div class="ibox-title"> <div class="ibox-title">
<span class="label label-primary"><b>推送主机</b></span> <span class="label label-primary"><b>推送主机</b></span>
@ -172,17 +171,25 @@
<div> <div>
<div class="text-left"> <div class="text-left">
<table class="table table-striped" id="ugedit" > <table class="table table-striped" id="ugedit" >
<a class="btn btn-xs btn-danger del_muti"> 删除 </a>
<thead> <thead>
<tr> <tr>
<th class="text-center">
<input type="checkbox" id="check_all" onclick="checkAll()">
</th>
<th class="text-center">主机</th> <th class="text-center">主机</th>
<th class="text-center">密钥</th> <th class="text-center">密钥</th>
<th class="text-center">密码</th> <th class="text-center">密码</th>
<th class="text-center">结果</th> <th class="text-center">结果</th>
<th class="text-center">操作</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{% for asset, info in pushed_asset.items %} {% for asset, info in pushed_asset.items %}
<tr class="gradeX"> <tr class="gradeX">
<th class="text-center">
<input type="checkbox" name="checked" value="{{ asset.id }}">
</th>
<td class="text-center"> {{ asset.hostname }} </td> <td class="text-center"> {{ asset.hostname }} </td>
<td class="text-center"> {{ info.key | yesno:"是,否,未知" }} </td> <td class="text-center"> {{ info.key | yesno:"是,否,未知" }} </td>
<td class="text-center"> {{ info.password | yesno:"是,否,未知" }} </td> <td class="text-center"> {{ info.password | yesno:"是,否,未知" }} </td>
@ -191,6 +198,7 @@
{% else %} {% else %}
<td class="text-center" style="color: #ec4758;cursor: help" title="{{ info.result }}" >{{ info.success | yesno:"成功,失败,未知" }} </td> <td class="text-center" style="color: #ec4758;cursor: help" title="{{ info.result }}" >{{ info.success | yesno:"成功,失败,未知" }} </td>
{% endif %} {% endif %}
<td class="text-center" ><a class="fa fa-times del" href="/jperm/role/recycle/?role_id={{ role.id }}&asset_id={{ asset.id }}" style="color: #ec4758;"></a></td>
</tr> </tr>
{% endfor %} {% endfor %}
</tbody> </tbody>
@ -204,7 +212,7 @@
<div class="col-sm-4"> <div class="col-sm-4">
<div class="ibox float-e-margins"> <div class="ibox float-e-margins">
<div class="ibox-title"> <div class="ibox-title">
<span class="label label-primary"><b>未推送主机</b></span> <span class="label label-danger"><b>未推送主机</b></span>
<div class="ibox-tools"> <div class="ibox-tools">
<a class="collapse-link"> <a class="collapse-link">
<i class="fa fa-chevron-up"></i> <i class="fa fa-chevron-up"></i>
@ -245,14 +253,43 @@
</div> </div>
</div> </div>
{% endblock %}
{% block self_footer_js %}
<script> <script>
$(document).ready(function(){ $(document).ready(function(){
$('#show').click(function(){ $('.del').click(function(){
$('#last').css('display', 'none'); var url = $(this).attr('href');
$('#all').css('display', 'block'); $.get(
}) url,
{},
function(data){
location.reload()
}
);
return false;
});
$('.del_muti').click(function(){
var check_array = [];
if (confirm("确定删除")) {
$(".gradeX input:checked").each(function() {
check_array.push($(this).attr("value"))
});
var url = '/jperm/role/recycle/?role_id={{ role.id }}&asset_id=' + check_array.join(',');
$.get(url,
{},
function(data){
location.reload()
}
)
}
return false;
});
}) })
</script> </script>
{% endblock %} {% endblock %}

2
templates/jperm/perm_role_list.html
View File

@ -99,7 +99,7 @@ function remove_role(role_id){
del_row.remove() del_row.remove()
}, },
error: function (msg) { error: function (msg) {
console.log(msg) console.log(msg);
alert("失败: " + msg) alert("失败: " + msg)
} }
}); });

27
templates/jperm/role_sudo.j2
View File

@ -1,15 +1,15 @@
#!/bin/bash #!/bin/bash
sudo_file=/etc/sudoers real_file=/etc/sudoers
sudo_file_bak=/etc/sudoers.bak tmp_file=$(mktemp /tmp/XXXXXXX)
# Backup sudoers file # Backup sudoers file
cp ${sudo_file} ${sudo_file_bak} cp ${sudo_file} ${sudo_file_bak}
# Add Command Aliases # Add Command Aliases
add_cmd_alias() { add_cmd_alias() {
sudo_file=$1
{% for sudo in sudo_alias %} {% for sudo in sudo_alias %}
if $(grep '^Cmnd_Alias {{ sudo.name }}' ${sudo_file} &> /dev/null); then if $(grep '^Cmnd_Alias {{ sudo.name }}' ${sudo_file} &> /dev/null); then
sed -i 's@^Cmnd_Alias.*{{ sudo.name }}.*@Cmnd_Alias {{ sudo.name }} = {{ sudo.commands }}@g' ${sudo_file} sed -i 's@^Cmnd_Alias.*{{ sudo.name }}.*@Cmnd_Alias {{ sudo.name }} = {{ sudo.commands }}@g' ${sudo_file}
@ -22,6 +22,7 @@ add_cmd_alias() {
# Add Command Aliases to role # Add Command Aliases to role
add_role_chosen() { add_role_chosen() {
sudo_file=$1
{% for role, alias in role_chosen_aliase.items %} {% for role, alias in role_chosen_aliase.items %}
if $(grep '^{{ role }}.*' ${sudo_file} &> /dev/null); then if $(grep '^{{ role }}.*' ${sudo_file} &> /dev/null); then
sed -i 's@^{{ role }}.*@{{ role }} ALL = NOPASSWD: {{ alias }}@g' ${sudo_file} sed -i 's@^{{ role }}.*@{{ role }} ALL = NOPASSWD: {{ alias }}@g' ${sudo_file}
@ -31,20 +32,12 @@ add_role_chosen() {
{% endfor %} {% endfor %}
} }
# Check sudoers file configured correctly
check_sudo_file() { check_syntax(){
status=$(visudo -c &> /dev/null && echo "ok" || echo "failed") visudo -c -f $1
if [ ${status} == "failed" ]; then
mv ${sudo_file_bak} ${sudo_file}
ret="failed"
else
ret="ok"
fi
} }
cp $real_file $tmp_file && add_cmd_alias $tmp_file && add_role_chosen $tmp_file || exit 1
check_syntax $tmp_file && add_cmd_alias $real_file && add_role_chosen $real_file && rm -f $tmp_file || exit 2
check_syntax $real_file
add_cmd_alias
add_role_chosen
check_sudo_file
echo ${ret}